package com.carrot.uaa.authorization.federation;

import com.carrot.uaa.entity.OAuth2User;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.token.*;

/**
 * 给token添加自定义参数
 */
@Configuration
public class TokenCustomizer {

    @Bean
    public OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
        return context -> {
            String authorizationGrantType = context.getAuthorizationGrantType().getValue();
            if(AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(authorizationGrantType)){
                Authentication principal = context.getPrincipal();
                OAuth2User OAuth2User = (OAuth2User) principal.getPrincipal();
                JwtClaimsSet.Builder claims = context.getClaims();
                if (context.getTokenType().equals(OAuth2TokenType.ACCESS_TOKEN)) {
                    // Customize headers/claims for access_token
                    //租户
                    claims.claim("tenantId", OAuth2User.getTenantId());
                    //手机号
                    claims.claim("mobile", OAuth2User.getMobile());
                    //昵称
                    claims.claim("nickname", OAuth2User.getNickname());
                    //用户类型
                    claims.claim("userTypeEnum", OAuth2User.getUserType());
                    //身份类型
                    claims.claim("userIdentityType", OAuth2User.getIdentityType());
                    //用户ID
                    claims.claim("uid", OAuth2User.getUid());
                } else if (context.getTokenType().getValue().equals(OidcParameterNames.ID_TOKEN)) {
                    // Customize headers/claims for id_token

                }
            }

        };
    }

    @Bean
    public OAuth2TokenCustomizer<OAuth2TokenClaimsContext> jwkCustomizer() {
        return context -> {
            String authorizationGrantType = context.getAuthorizationGrantType().getValue();
            if(AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(authorizationGrantType)){
                Authentication principal = context.getPrincipal();
                OAuth2User OAuth2User = (OAuth2User) principal.getPrincipal();
                OAuth2TokenClaimsSet.Builder claims = context.getClaims();
                if (context.getTokenType().equals(OAuth2TokenType.ACCESS_TOKEN)) {
                    // Customize headers/claims for access_token
                    //租户
                    claims.claim("tenantId", OAuth2User.getTenantId());
                    //手机号
                    claims.claim("mobile", OAuth2User.getMobile());
                    //昵称
                    claims.claim("nickname", OAuth2User.getNickname());
                    //用户类型
                    claims.claim("userTypeEnum", OAuth2User.getUserType());
                    //身份类型
                    claims.claim("userIdentityType", OAuth2User.getIdentityType());
                    //用户ID
                    claims.claim("uid", OAuth2User.getUid());
                } else if (context.getTokenType().getValue().equals(OidcParameterNames.ID_TOKEN)) {
                    // Customize headers/claims for id_token

                }
            }

        };
    }
}
